<?php
require_once '../global.inc.php';

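// Password-change handler: verifies the caller's current password and e-mail against the
// values held in the session, stores the new password and mails a confirmation.

// Request parameters posted by the form. A missing or non-string field (for example
// "password[]=x") becomes '' so the checks below fail closed instead of handing an
// array to md5().
$pOldPassword 		= (isset($_POST["oldPassword"]) && is_string($_POST["oldPassword"])) ? $_POST["oldPassword"] : '';
$pPassword 			= (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
$pPassword2 		= (isset($_POST["password2"]) && is_string($_POST["password2"])) ? $_POST["password2"] : '';
$pEmail 			= (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';

// Values stored in the session for the logged-in user. An absent session leaves
// $sUserId null and the strings empty, which the credential check below rejects.
$sUserId 			= isset($_SESSION["user"]["user_id"]) ? $_SESSION["user"]["user_id"] : null;
$sPassword 			= isset($_SESSION["user"]["password"]) ? (string) $_SESSION["user"]["password"] : '';
$sEmail 			= isset($_SESSION["user"]["email"]) ? (string) $_SESSION["user"]["email"] : '';

// NOTE(review): passwords are stored and compared as unsalted MD5, which is not suitable
// for password storage. Moving to password_hash()/password_verify() needs a coordinated
// change in the login code and the stored hashes, so MD5 is kept here for compatibility.
//
// hash_equals() replaces the loose "==": two different digests of the form "0e<digits>"
// compare equal under "==" because PHP treats them as numeric strings.
$credentialsOk = $sUserId !== null
	&& $sPassword !== ''
	&& hash_equals($sPassword, md5($pOldPassword))
	&& $pEmail === $sEmail;

// The confirmation field was read but never checked; require a non-empty new password
// that matches its confirmation before touching the database.
$newPasswordOk = $pPassword !== '' && $pPassword === $pPassword2;

Database::connect($HOST, $NAME, $PWD, $DB);
if (!$credentialsOk) {
	echo "<script>alert('你的旧密码或者邮箱输入错误！');</script>";
	echo "<script>history.go(-1);</script>";
} elseif (!$newPasswordOk) {
	echo "<script>alert('两次输入的新密码不一致，或新密码为空！');</script>";
	echo "<script>history.go(-1);</script>";
} else {
	$subject 	= "密码修改邮件，注意查收";
	// RFC 2047 encoded-word so the UTF-8 subject survives mail transport.
	$subject 	= "=?UTF-8?B?".base64_encode($subject)."?=";
	// NOTE(review): mailing the new password in clear text leaves a usable credential in
	// the mailbox and on every relay in between; consider sending a notification without
	// the password. Kept because the message text asks the user to retain it.
	// The body is sent as text/html, so the password is HTML-escaped to keep characters
	// such as "<" or "&" from being interpreted as markup.
	$safePassword = htmlspecialchars($pPassword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	$message 	= "尊敬的用户，你已经将密码修改为：\"$safePassword\"，请留存本邮件备查！";
	$from 		= "admin@loto.com";
	$header 	= 'MIME-Version: 1.0' . "\r\n"
				. "Content-type: text/html; charset=utf-8". "\r\n"
				. "From: <$from>"."\r\n";

	// Change the password inside a transaction so a failed mail can undo it.
	Database::begin();
	$newPassword = md5($pPassword);
	// NOTE(review): the statement is string-built because no parameterised Database API is
	// visible from this file. Both interpolated values are constrained: $newPassword is a
	// hex digest and the user id is cast to an integer (assumes user_id is an integer
	// column, as the unquoted use in the original query suggests — confirm).
	$userId = (int) $sUserId;
	$rt = Database::update("update user set password='$newPassword' where user_id=$userId");
	// Send the confirmation only after the update succeeded, so the user never receives a
	// "password changed" mail for a change that is about to be rolled back.
	$send = $rt ? mail($sEmail,$subject,$message,$header) : false;
	if($send&&$rt){
		Database::commit();
		// Drop the session so the user has to log in again with the new password.
		session_destroy();
		echo "<script>alert('你的密码已经修改，需要使用新密码重新登录，一封密码修改的邮件已经发送到你的邮箱，请查收！');</script>";
		echo "<script>top.location.href='../login.php';</script>";
	}else{
		Database::rollback();
		echo "<script>alert('邮件发送失败，请稍后重试！');</script>";
		echo "<script>history.go(-1);</script>";
	}
	Database::end();
}
Database::close();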
?>